package com.yugao.fintech.draper.auth.configure;

import com.yugao.fintech.draper.security.customizer.AuthenticationProvidersCustomCustomizer;
import com.yugao.fintech.draper.security.customizer.OAuth2ClientAuthenticationConfigurerCustomizer;
import com.yugao.fintech.draper.security.customizer.OAuth2TokenEndpointConfigurerCustomizer;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;

/**
 * 认证服务器配置
 */
@Slf4j
@Configuration
@RequiredArgsConstructor
public class AuthorizationServerConfigure {
	/**
	 * 授权服务过滤器链 匹配授权端点请求
	 *
	 * @see OAuth2AuthorizationServerConfigurer#getEndpointsMatcher
	 */
	@Bean
	@Order(Ordered.HIGHEST_PRECEDENCE)
	public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http,
			OAuth2AuthorizationService oAuth2AuthorizationService) throws Exception {
		// 应用默认OAuth2AuthorizationServerConfigurer配置
		OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
		// 获取authorizationServerConfigurer
		OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = http
			.getConfigurer(OAuth2AuthorizationServerConfigurer.class);
		// 配置授权服务器-/
		authorizationServerConfigurer
			// tokenEndpoint配置
			.tokenEndpoint(new OAuth2TokenEndpointConfigurerCustomizer())
			// 客户端认证配置
			.clientAuthentication(new OAuth2ClientAuthenticationConfigurerCustomizer())
			// 授权服务
			.authorizationService(oAuth2AuthorizationService)
			// 授权服务器设置
			.authorizationServerSettings(AuthorizationServerSettings.builder().issuer("https://art.com").build());
		DefaultSecurityFilterChain securityFilterChain = http.build();
		// 添加自定义的各种认证类型
		new AuthenticationProvidersCustomCustomizer().customize(http);
		return securityFilterChain;
	}
}
